If a nonnull argument evaluates to UnknownVal, don't warn (and don't crash).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106456 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Checker/AttrNonNullChecker.cpp b/lib/Checker/AttrNonNullChecker.cpp
index 471cf19717038d4798b09192af97a128a1219f38..d0bccb27b4059fbad23a46acc59766bd549b75a4 100644 (file)
--- a/lib/Checker/AttrNonNullChecker.cpp
+++ b/lib/Checker/AttrNonNullChecker.cpp
@@ -60,11 +60,16 @@ void AttrNonNullChecker::PreVisitCallExpr(CheckerContext &C,
     if (!Att->isNonNull(idx))
       continue;
 
-    const DefinedSVal &V = cast<DefinedSVal>(state->getSVal(*I));
+    SVal V = state->getSVal(*I);
+    DefinedSVal *DV = dyn_cast<DefinedSVal>(&V);
+
+    // If the value is unknown or undefined, we can't perform this check.
+    if (!DV)
+      continue;
 
     ConstraintManager &CM = C.getConstraintManager();
     const GRState *stateNotNull, *stateNull;
-    llvm::tie(stateNotNull, stateNull) = CM.AssumeDual(state, V);
+    llvm::tie(stateNotNull, stateNull) = CM.AssumeDual(state, *DV);
 
     if (stateNull && !stateNotNull) {
       // Generate an error node.  Check for a null node in case

diff --git a/test/Analysis/null-deref-ps.c b/test/Analysis/null-deref-ps.c
index 5a1049c7d71ec24ec91a2cd23ad289d0adbca1ac..eac7957fb9219b90cffa119b301895bf86b88cd2 100644 (file)
--- a/test/Analysis/null-deref-ps.c
+++ b/test/Analysis/null-deref-ps.c
@@ -118,6 +118,11 @@ void f6d(int *p) {
   }  
 }
 
+void f6e(int *p, int offset) {
+  // PR7406 - crash from treating an UnknownVal as defined, to see if it's 0.
+  bar((p+offset)+1, 0); // not crash
+}
+
 int* qux();
 
 int f7(int x) {